Multi Cloud IaaS with Domain Trust in OpenStack

Abstract

As cloud services have been firmly accepted by enterprises, the current challenge is how to share these resources among increasing number of cloud platforms. Currently, cloud platforms such as OpenStack, the de facto open-source platform for cloud Infrastructure-as-a-Service (IaaS), offer limited cross-cloud access capabilities in their federation APIs. In this paper, we present a fine-grained cross-cloud domain-trust model enabling resource sharing between domains across distinct homogeneous clouds. We further present a formalized description of core multi-cloud OpenStack access control (MC-OSAC) with proposed domain trust extension. We have implemented a proof of concept with extending OpenStack identity and federation services to support cross-cloud domain trust. Our approach does not introduce any authorization overhead within current OpenStack federation model.